Steam for Linux

The following HOWTO tells you how to install the Steam for Linux Limited Beta in a separate user account without giving any root privileges to Steam. This gives you double security:

1. None of the Steam programs is ever executed as root, not even the install script.
2. Steam is not even run with privileges of your primary user account. You are told how to generate a second user account which is a sandbox for Steam.

With the normal standard installation procedure, you give root access to the package installer. The package installer will execute the Steam install script in the package with those root privileges. So yes, the normal installation procedure DOES give root access to Steam.

The fact that you can run it without root afterwards is useless to the security of your system. Once you have run untrustworthy software as root, it can keep the root access and hide itself from you. Once root, always root.

It's very simple: If you trust Linux, you can trust it to have secure user account separation. Then you do not have to trust any software which you run in a separate user account. This allows you to run Steam without trusting it.

And as it is closed source software, it is per definition not trustworthy. That's the primary difference between open and closed source software.


OR: manually copy/paste content of deb to system. Run it but don't give password when it asks. Steam will place the updated client nicely in user space. This should be standard installation procedure anyway.

> Once root, always root.

That's rather stupid and needlessly paranoid. Steam (the binary) cannot elevate to root if you run it as a user unless it executes something that's SUID and owned by root. Whether or not it is closed source. If it could, that would mean it can do it on the other account you just created just for Steam — and it would also mean that the Linux user separation is entirely worthless and insecure.

I do understand some of the concern about the installer of course, but the final expanded program, nope.

You are not understanding the process of installing deb packages. The deb package of Steam contains a program. This program is run as root once you install the package. As this program has root access, it theoretically can do ANYTHING to your system, INCLUDING installing programs which have PERMANENT root access and are run automatically whenever you start your system. You don't need to give root access to them after that, the install script can just configure the system to automatically run them as root. Again: Once you run an untrustworthy software as root, your system is compromised. Anything which happens in the system after that CANNOT be trusted anymore. The fact that you are not asked for root privileges after the compromise does NOT mean that the system is not compromised. Of course a compromised system will not ask you to give permissions to malicious software anymore.

The fact of the matter is that games have dependencies, and Steam needs to be able to install and script their configuration. You're giving Steam the same level of trust here on Linux as you do in Windows. If you are concerned about that level of access being given to Steam on Linux, then you probably shouldn't be playing Steam games on a computer that you are that concerned about the security of.

You have no idea just how well I understand .deb packages. I've created a few thousand of them. I know what happens in there, and typically, a .deb package needs root rights for the following reasons:

• To write to system directories that regular users do not have access to, e.g. the /usr tree, the /usr/local tree, or the /opt tree.
• To write information into the Dpkg package cache files so the system knows your program has been installed.

There’s exactly nothing suspicious about this.

There's no such thing as “programs with permanent root access”, because if there were, that would mean there's a security hole inside Linux. Linux is not perfect, of course, so there could be, of course. All the programs, unless SUID, run as the user running them. They cannot elevate unless your user can elevate — either via a bug (as before, that’s an issue you should raise with Kernel developers) or via legit ways such as su or sudo. You can take a look at the result of the .deb package installation (it is possible to specify a different root for dpkg-deb to unpack to, and you can chroot and jail the installation), and if you see something SUID, you can raise the flags. Until then, it's just hot steam from paranoia.

And also, if you don't know your system enough to see whether the install script has “configured the system to automatically run them as root”, you shouldn't be talking about keeping things “secure”.

But hey, I do understand where you’re coming from, I happened to have studied IT security. That whole area is based on paranoia — and that’s what drives it to make things even better and even more secure. I’m totally cool with that, and I’m glad we have things like PGP and SSL and the likes, thanks to security folks. However, if you’re security-concerned, you don’t actually want any closed sourced software (or open sourced, but not thoroughly peer-reviewed software) near a computer that you consider to be trusted and you want to keep secure.

Because... with closed source software you have a much, much bigger issue than root elevation — it leaking data to the creator without your consent. Just tell me how it can’t do that without root elevation, because I think it’s more than possible to see quite a few things on your computer without being an administrator user.
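The check suggested in the post above (look at what the .deb would install and whether anything in it is SUID) can be done without running any of the package's scripts. The following is an added example, not code from this thread or from Steam: it reads a .deb as an ar archive and reports its maintainer scripts and any setuid/setgid files. The sample package and its paths are constructed for illustration, and zstd-compressed members are only readable where Python's `tarfile` supports zstd.

```python
import io, posixpath, stat, tarfile

def ar_members(blob):
    """Yield (name, data) for each member of the ar archive that wraps a .deb."""
    if blob[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]  # name[16] mtime[12] uid[6] gid[6] mode[8] size[10] magic[2]
        if hdr[58:] != b"`\n":
            raise ValueError("corrupt ar header")
        size = int(hdr[48:58].decode())
        yield hdr[:16].decode().strip().rstrip("/"), blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)  # members are padded to even offsets

def audit_deb(blob):
    """Return (maintainer scripts, setuid/setgid files); nothing is unpacked or run."""
    scripts, setid = [], []
    for member, data in ar_members(blob):
        if not member.startswith(("control.tar", "data.tar")):
            continue
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
            for m in tar:
                path = posixpath.normpath(m.name)
                if member.startswith("control.tar"):
                    if path in {"preinst", "postinst", "prerm", "postrm", "config"}:
                        scripts.append(path)  # these run as root during dpkg -i
                elif m.isfile() and m.mode & (stat.S_ISUID | stat.S_ISGID):
                    setid.append((path, oct(m.mode & 0o7777)))
    return sorted(scripts), sorted(setid)

def _tar(entries):  # constructed-sample helper: (name, mode, content) -> tar bytes
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, mode, content in entries:
            info = tarfile.TarInfo(name)
            info.mode, info.size = mode, len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()

def _ar(members):  # constructed-sample helper: wrap members in 60-byte ar headers
    return b"!<arch>\n" + b"".join(
        f"{n:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(d):<10}`\n".encode() + d + b"\n" * (len(d) & 1)
        for n, d in members)

# Constructed package: one postinst script and one setuid helper (hypothetical paths)
SAMPLE_DEB = _ar([("debian-binary", b"2.0\n"),
    ("control.tar", _tar([("./control", 0o644, b"Package: example\n"), ("./postinst", 0o755, b"#!/bin/sh\n")])),
    ("data.tar", _tar([("./usr/bin/example", 0o755, b"x"), ("./usr/lib/example/helper", 0o4755, b"x")]))])
```

For a real package, pass the file's bytes to `audit_deb` and read every listed maintainer script before installing, since those are what the installer executes as root.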

> You have no idea just how well I understand .deb packages. I've created a few thousand of them. [...] There's no such thing as “programs with permanent root access”, because if there were, that would mean there's a security hole inside Linux. [...] All the programs, unless SUID, run as the user running them.

Please think about whether you did recently take any drugs. You claim to have packaged thousands of debs, you claim that there are no ways of giving permanent root access to programs on Linux and in THE SAME POST you talk about SUID, which is THE way of giving permanent root to something.

SUID isn't even on the table here. It's highly insecure and is really meant for specific one-off uses instituted by sys admins who know what they're doing and why. A system like Steam should rely on nothing of the sort.